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What is Claimed is: 

1 . A method for remote incremental prog ram verificati on, said method comprising: 
receiving content verified by at least one content provider, said at least one content 
provider including an applet provider, a device manufacturer and a device issuer, 
said content including at least one program unit, each program unit comprising an 
Application Programming Interface (API) definition file and an implementation, 
each API definition file defining items in its associated program unit that are 
made accessible to one or more other program units, each implementation 
including erecutable code corresponding to said API definition file, said 
executable code including type specific instructions and data; 
installing said content on a resource-constrained device; 

disabling subsequent installation of content on said resource-constrained device; and 
issuing said resource-constrained device to an end user. 



2. The method of claim 1 wherein said verification is performed by said applet provider. 

3. The method of claim 1 wherein said verification is performed by said device 
manufacturer. 



72 



SUN-P4176 

The method of claim 1 wherein said verification is performed by said device issuer. 

The method of claim 1 wherein said verification is performed by said applet provider 
and said device manufacturer. 

The method of claim 1 wherein said verification is performed by said applet provider 
and said device issuer. 

The method of claim 1 wherein said verification is performed by said device 
manufacturer and said device issuer. 

The method of claim 1 wherein said verification is performed by said applet provider, 
said device manufacturer and said device issuer. 

A method for remote incremental program verification, said method comprising: 
receiving content verified by at least one content provider, said at least one content 
provider including an applet provider, a device manufacturer, a device issuer and 
a trusted post-issuance installer, said content including at least one program unit, 
each program unit comprising an Application Programming Interface (API) 
definition file and an implementation, each API definition file defining items in 
its associated program unit that are made accessible to one or more other program 
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units, each implementation including executable code corresponding to said API 

definition file, said executable code including type specific instructions and data; 
installing said content on a resource-constrained device; 
issuing said resource-constrained device to an end user; and 
5 allowing post-issuance installation of verified content on said resource-constrained 

device by said trusted post-issuance installer, said post-installation occurring after 

said issuance. 

, IS , 10. The method of claim 9 wherein 

m said trusted post-issuance installer verifies a new program unit; and 

I'm 

said trusted post-issuance installer installs said verified new program unit on said 
jr; resource-constrained device. 

^ 1 1 . The method of claim 10 wherein post-issuance verification is performed on a 
j'fe resource-rich device. 

12. The method of claim 10 wherein post-issuance verification is performed on a terminal 
device. 

20 13. The method of claim 9 wherein said verification is performed by the provider of said 
new program unit. 
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14. The method of claim 9 wherein said verification is performed by said applet provider. 

15. The method of claim 9 wherein said verification is performed by said device 
manufacturer. 

16. The method of claim 9 wherein said verification is performed by said device issuer. 

17. The method of claim 9 wherein said verification is performed by said applet provider 
and said device manufacturer. 

18. The method of claim 9 wherein said verification is performed by said applet provider 
and said device issuer. 

19. The method of claim 9 wherein said verification is performed by said device 
manufacturer and said device issuer. 

20. The method of claim 9 wherein said verification is performed by said applet provider, 
said device manufacturer and said device issuer. 

21. The method of claim 9 wherein said verification is performed by said applet provider, 
said device manufacturer, said device issuer and said trusted post-issuance installer. 
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22. The method of claim 9 wherein said verification is performed by said device 
manufacturer, said device issuer and said trusted post-issuance installer. 

23. The method of claim 9 wherein said verification is performed by said device 
manufacturer and said trusted post-issuance installer. 

24. The method of claim 9 wherein said verification is performed by said device issuer 
and said trusted post-issuance installer. 

25. The method of claim 9 wherein post-issuance verification is performed on a resource- 
rich device. 

26. The method of claim 9 wherein post-issuance verification is performed on a terminal 
device. 

27. A method for remote incremental program verification, said method comprising: 
receiving content verified by at least one content provider, said at least one content 

provider including an applet provider, a device manufacturer, a device issuer and 
an untrusted post-issuance installer, said content including at least one program 
unit, each program unit comprising an Application Programming Interface (API) 
definition file and an implementation, each API definition file defining items in 
its associated program unit that are made accessible to one or more other program 
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units, each implementation including executable code corresponding to said API 

definition file, said executable code including type specific instructions and data; 
installing said content on a resource-constrained device; 
issuing said resource-constrained device to an end user; and 
allowing post-issuance installation of verified content on said resource-constrained 

device by said untrusted post-issuance installer, said post-installation occurring 

after said issuance. 

28. The method of claim 27 wherein 

said untrusted post-issuance installer verifies a new program unit; and 
said untrusted post-issuance installer installs said verified new program unit on said 
resource-constrained device. 

29. The method of claim 28 wherein post-issuance verification is performed on a 
resource-rich device. 

30. The method of claim 28 wherein post-issuance verification is performed on a terminal 
device. 

31. The method of claim 28 wherein said verification is performed by the provider of said 
new program unit. 
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32. The method of claim 27 wherein said verification is performed by said applet 
provider. 

33. The method of claim 27 wherein said verification is performed by said device 
manufacturer. 

34. The method of claim 27 wherein said verification is performed by said device issuer. 

35. The method of claim 27 wherein said verification is performed by said applet provider 
and said device manufacturer. 

36. The method of claim 27 wherein said verification is performed by said applet provider 
and said device issuer. 

37. The method of claim 27 wherein said verification is performed by said device 
manufacturer and said device issuer. 

38. The method of claim 27 wherein said verification is performed by said applet 
provider, said device manufacturer and said device issuer. 
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39. The method of claim 27 wherein said verification is performed by said applet 
provider, said device manufacturer, said device issuer and said untrusted post-issuance 
installer. 

40. The method of claim 27 wherein said verification is performed by said device 
manufacturer, said device issuer and said untrusted post-issuance installer. 

41 . The method of claim 27 wherein said verification is performed by said device 
manufacturer and said untrusted post-issuance installer. 

42. The method of claim 27 wherein said verification is performed by said device issuer 
and said untrusted post-issuance installer. 

43. The method of claim 27 wherein post-issuance verification is performed on a 
resource-rich device. 

44. The method of claim 27 wherein post-issuance verification is performed on a terminal 
device. 



79 



SUN-P4176 

45. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform program verification, comprising: 
receiving content verified by at least one content provider, said at least one content 

provider including an applet provider, a device manufacturer and a device issuer, 
said content including at least one program unit, each program unit comprising an 
Application Programming Interface (API) definition file and an implementation, 
each API definition file defining items in its associated program unit that are 
made accessible to one or more other program units, each implementation 
including executable code corresponding to said API definition file, said 
executable code including type specific instructions and data; 
installing said content on a resource-constrained device; 

disabling subsequent installation of content on said resource-constrained device; and 
issuing said resource-constrained device to an end user. 

46. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform program verification, comprising: 
receiving content verified by at least one content provider, said at least one content 

provider including an applet provider, a device manufacturer, a device issuer and 
a trusted post-issuance installer, said content including at least one program unit, 
each program unit comprising an Application Programming Interface (API) 
definition file and an implementation, each API definition file defining items in 
its associated program unit that are made accessible to one or more other program 
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units, each implementation including executable code corresponding to said API 

definition file, said executable code including type specific instructions and data; 
installing said content on a resource-constrained device; 
issuing said resource-constrained device to an end user; and 
allowing post-issuance installation of verified content on said resource-constrained 

device by said trusted post-issuance installer, said post-installation occurring after 

said issuance. 

47. The program storage device of claim 46 wherein 

said trusted post-issuance installer verifies a new program unit; and 
said trusted post-issuance installer installs said verified new program unit on said 
resource-constrained device. 

48. The program storage device of claim 47 wherein post-issuance verification is 
performed on a resource-rich device. 

49. The program storage device of claim 47 wherein post-issuance verification is 
performed on a terminal device. 

50. The program storage device of claim 46 wherein said verification is performed by the 
provider of said new program unit. 
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51. The program storage device of claim 46 wherein post-issuance verification is 
performed on a resource-rich device. 

52. The program storage device of claim 46 wherein post-issuance verification is 
performed on a terminal device. 

53. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform program verification, comprising: 
receiving content verified by at least one content provider, said at least one content 

provider including an applet provider, a device manufacturer, a device issuer and 
an untrusted post-issuance installer, said content including at least one program 
unit, each program unit comprising an Application Programming Interface (API) 
definition file and an implementation, each API definition file defining items in 
its associated program unit that are made accessible to one or more other program 
units, each implementation including executable code corresponding to said API 
definition file, said executable code including type specific instructions and data; 

installing said content on a resource-constrained device; 

issuing said resource-constrained device to an end user; and 

allowing post-issuance installation of verified content on said resource-constrained 
device by said untrusted post-issuance installer, said post-installation occurring 
after said issuance. 
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54. The program storage device of claim 53 wherein 

said untrusted post-issuance installer verifies a new program unit; and 
said untrusted post-issuance installer installs said verified new program unit on said 
resource-constrained device. 

55. The program storage device of claim 54 wherein post-issuance verification is 
performed on a resource-rich device. 

56. The program storage device of claim 54 wherein post-issuance verification is 
performed on a terminal device. 

57. The program storage device of claim 54 wherein said verification is performed by the 
provider of said new program unit. 

58. A system for executing a software application, the system comprising: 

a computing system that generates executable code, comprising means for receiving 
content verified by at least one content provider, said at least one content provider 
including an applet provider, a device manufacturer and a device issuer, said 
content including at least one program unit, each program unit comprising an 
Application Programming Interface (API) definition file and an implementation, 
each API definition file defining items in its associated program unit that are 
made accessible to one or more other program units, each implementation 
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including executable code corresponding to said API definition file, said 
executable code including type specific instructions and data; 

means for installing said content on a resource-constrained device; 

means for disabling subsequent installation of content on said resource-constrained 
device; and 

means for issuing said resource-constrained device to an end user. 

. A system for executing a software application, the system comprising: 
a computing system that generates executable code, comprising means for receiving 
content verified by at least one content provider, said at least one content provider 
including an applet provider, a device manufacturer, a device issuer and a trusted 
post-issuance installer, said content including at least one program unit, each 
program unit comprising an Application Programming Interface (API) definition 
file and an implementation, each API definition file defining items in its 
associated program unit that are made accessible to one or more other program 
units, each implementation including executable code corresponding to said API 
definition file, said executable code including type specific instructions and data; 
means for installing said content on a resource-constrained device; 
means for issuing said resource-constrained device to an end user; and 
means for allowing post-issuance installation of verified content on said resource- 
constrained device by said trusted post-issuance installer, said post-installation 
occurring after said issuance. 
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60. The system of claim 59 wherein 

said trusted post-issuance installer includes a means for verifying a new program unit; 
and 

said trusted post-issuance installer includes a means for installing said verified new 
program unit on said resource-constrained device. 

61. The system of claim 60 wherein post-issuance verification is performed on a resource- 
rich device. 

62. The system of claim 60 wherein post-issuance verification is performed on a terminal 
device. 

63. The system of claim 59 wherein said verification is performed by the provider of said 
new program unit. 

64. A system for executing a software application, the system comprising: 

a computing system that generates executable code, comprising means for 
receiving content verified by at least one content provider, said at least one content 
provider including an applet provider, a device manufacturer, a device issuer and an 
untrusted post-issuance installer, said content including at least one program unit, each 
program unit comprising an Application Programming Interface (API) definition file 
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and an implementation, each API definition file defining items in its associated 
program unit that are made accessible to one or more other program units, each 
implementation including executable code corresponding to said API definition file, 
said executable code including type specific instructions and data; 
means for installing said content on a resource-constrained device; 
means for issuing said resource-constrained device to an end user; and 
means for allowing post-issuance installation of verified content on said resource- 
constrained device by said untrusted post-issuance installer, said post-installation 
occurring after said issuance. 

65. The system of claim 64 wherein 

said untrusted post-issuance installer verifies a new program unit; and 
said untrusted post-issuance installer installs said verified new program unit on said 
resource-constrained device. 

66. The system of claim 65 wherein post-issuance verification is performed on a resource- 
rich device. 

67. The system of claim 65 wherein post-issuance verification is performed on a terminal 
device. 
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68. The system of claim 65 wherein said verification is performed by the provider of said 
new program unit. 

69. A resource-constrained device, comprising: 

memory for providing content verified by at least one content provider, said at least 
one content provider including an applet provider, a device manufacturer and a 
device issuer, said content including at least one program unit, each program unit 
comprising an Application Programming Interface (API) definition file and an 
implementation, each API definition file defining items in its associated program 
unit that are made accessible to one or more other program units, each 
implementation including executable code corresponding to said API definition 
file, said executable code including type specific instructions and data; and 

a virtual machine that is capable of executing instructions included within said 
application software program. 

70. The resource-constrained device of claim 69 wherein said resource-constrained device 
comprises a smart card. 

71. The resource-constrained device of claim 70 wherein said virtual machine is Java 
Card™-compliant. 
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72. A resource-constrained device, comprising: 

memory for providing content verified by at least one content provider, said at least 
one content provider including an applet provider, a device manufacturer, a 
device issuer and a trusted post-issuance installer, said content including at least 
one program unit, each program unit comprising an Application Programming 
Interface (API) definition file and an implementation, each API definition file 
defining items in its associated program unit that are made accessible to one or 
more other program units, each implementation including executable code 
corresponding to said API definition file, said executable code including type 
specific instructions and data; 

an installer device for installation of said content on said resource-constrained device, 
said installation including installation of initial content and installation of 
additional content by said trusted post-issuance installer after said resource- 
constrained device is issued to an end user; and 

a virtual machine that is capable of executing instructions included within said 
content. 

73. The resource-constrained device of claim 72 wherein said resource-constrained device 
comprises a smart card. 



88 



• 4 



SUN-P4176 

74. The resource-constrained device of claim 73 wherein said virtual machine is Java 
Card™-compliant. 



75. A resource-constrained device, comprising: 

memory for providing content verified by at least one content provider, said at least 
one content provider including an applet provider, a device manufacturer, a 
device issuer and an untrusted post-issuance installer, said content including at 
least one program unit, each program unit comprising an Application 
Programming Interface (API) definition file and an implementation, each API 
definition file defining items in its associated program unit that are made 
accessible to one or more other program units, each implementation including 
executable code corresponding to said API definition file, said executable code 
including type specific instructions and data; 

an installer device for installation of said content on said resource-constrained device, 
said installation including installation of initial content and installation of 
additional content by said untrusted post-issuance installer after said resource- 
constrained device is issued to an end user; and 

a virtual machine that is capable of executing instructions included within said 
content. 
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76. The resource-constrained device of claim 75 wherein said resource-constrained device 
comprises a smart card. 

77. The resource-constrained device of claim 76 wherein said virtual machine is Java 
Card™-compliant. 
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